romanzolotarev.com: support and find me elsewhere

Tested on OpenBSD 6.3

Generate random string with random(4)

The urandom device produces high quality pseudo-random output data.

"Never use /dev/random. On OpenBSD, it does the same as /dev/urandom, but on many other systems, it misbehaves. For example, it may block, directly return entropy instead of using a stream cipher, or only return data from hardware random generators."
random(4)

Limit character set

Keep characters you need and exclude everything else tr(1). For example, keep characters from 1 to 6.

$ tr -cd '1-6' < /dev/urandom
4135234354265156412324163535634456635452512413235
163421554662651365144426161433312335
^C
$

Trim

fold(1) into twenty-character wide lines, then head(1) the first line:

$ tr -cd '1-6' < /dev/urandom |
fold -w 20 |
head -n 1
15521625233645245322
$

Another way to take first 20 characters, use dd(1):

$ tr -cd '1-6' < /dev/urandom |
echo $(dd count=20 bs=1 status=none)
35611246252555226656
$

Adjust character set

Use any range of characters. For, example from the first printable char, space, to tilde.

$ tr -cd ' -~' < /dev/urandom |
fold -w 20 | head -n 1
a(k#$(K ?I?d!^NM^(5x
$

Or all alphanumeric characters, comma, and dot.

$ tr -cd '[:alnum:],.' < /dev/urandom |
fold -w 20 | head -n 1
3zgoNRosNuznXUxzENI.
$

Or just use jot(1)

Run jot(1) with the option -r to print random numbers.

$ jot -r 3
95
23
58
$

Set the range from 32 to 126 (ASCII codes of space and tilde), print a character represented by this number (-c), and separate characters with an empty string (-s '').

$ jot -rcs '' 20 32 126
L(k&C%M{E}7FFT9*H5tt
$

Or use openssl(1)

openssl(1) with rand command outputs pseudo-random bytes and with the -base64 option it encodes the output to its printable form.

$ openssl rand -base64 20
zM+i3ms6UGh8TkS4azknU+ncMIY=
$

"I'd be wary of using openssl(1)→Base64 unless you know that "=" can only come at the end because it's used as padding and so it's not adding anything extra to the password's entropy."
Tim Chase (@gumnos)

See also

diceware, pass


Thanks to David Dahlberg, Tim Chase, Bojan Nastic, horia, Ben Bai for the hints, and to Theo de Raadt for arc4random.

Patreon PayPal Vultr OpenBSD Amsterdam Mastering the Web